Lucene search
K

28 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-47697

Malicious code in bioql PyPI...

5.5CVSS6.6AI score0.00158EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-32642

Malicious code in bioql PyPI...

8.4CVSS6.5AI score0.00271EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-32641

Malicious code in bioql PyPI...

7.8CVSS6.5AI score0.00281EPSS
Exploits0References1
NVD
NVD
added 2025/09/12 3:15 a.m.4 views

CVE-2025-43788

The organization selector in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q1.1 through 2024.Q1.12 and 7.4 update 81 through update 85 does not check user permission, which allows remote authenticated users to obtain a list of all organizations...

5.3CVSS0.00244EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/12 12:0 a.m.5 views

PT-2025-37277

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.124 Liferay DXP versions 2024.Q1.1 through 2024.Q1.12 Liferay DXP versions 7.4 update 81 through update 85 Description: The organization selector does not verify user permissions, potentially allowi...

5.3CVSS6.4AI score0.00244EPSS
Exploits0References8
CVE
CVE
added 2025/09/11 5:26 p.m.29 views

CVE-2025-43782

The CVE-2025-43782 entry covers an Insecure Direct Object Reference (IDOR) in Liferay Portal/DXP where the workflow-definition API exposes resources by name, enabling remote authenticated users to access workflow definitions without proper authorization. Affected products/versions include Liferay...

5.3CVSS6.4AI score0.00234EPSS
Exploits0References1Affected Software2
OSV
OSV
added 2025/09/10 9:30 p.m.4 views

GHSA-FVP7-JJ9M-3QPF Liferay Portal's Incorrect Authorization vulnerability can lead to guest users to obtaining sensitive data

An Improper Access Control vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.8, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows guest users to obtain object entry information via the API Builder...

6.2CVSS6.3AI score0.00238EPSS
Exploits0References5
CVE
CVE
added 2025/09/09 3:0 a.m.22 views

CVE-2025-43777

CVE-2025-43777 affects Liferay Portal 7.4.0–7.4.3.132 and Liferay DXP versions 2025.Q1.0–2025.Q2.9 (and earlier 2024.Q1.1–2024.Q4.7, 2024.Q2.0–2024.Q2.13, 2024.Q3.0–2024.Q3.13). The issue: an Internal Server Error is exposed in the login response when a request uses a deleted Client Secret. Root ...

5.3CVSS6.4AI score0.00216EPSS
Exploits0References1Affected Software2
RedhatCVE
RedhatCVE
added 2025/02/05 7:20 a.m.14 views

CVE-2024-23609

An improper error handling vulnerability in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions...

7.8CVSS7.5AI score0.00591EPSS
Exploits0References1
OSV
OSV
added 2024/07/23 2:15 p.m.4 views

CVE-2024-4079

An out of bounds read due to a missing bounds check in LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions...

7.8CVSS5.9AI score0.00281EPSS
Exploits0References1
NVD
NVD
added 2024/07/23 2:15 p.m.17 views

CVE-2024-4081

A memory corruption issue due to an improper length check in NI LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects NI LabVIEW 2024 Q1 and prior versions...

8.4CVSS0.00271EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/07/23 1:29 p.m.33 views

CVE-2024-4080 Memory Corruption Due to Improper Length Checks in LabVIEW tdcore.dll

A memory corruption issue due to an improper length check in LabVIEW tdcore.dll may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions...

8.4CVSS0.00271EPSS
Exploits0References1
CVE
CVE
added 2024/07/23 1:29 p.m.59 views

CVE-2024-4080

CVE-2024-4080 is a memory corruption vulnerability in LabVIEW tdcore.dll (affecting LabVIEW 2024 Q1 and earlier). The root cause is an improper length check in tdcore.dll, which could disclose information or allow arbitrary code execution when a user opens a specially crafted VI. Exploitation req...

8.4CVSS7.9AI score0.00271EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/07/23 1:19 p.m.24 views

CVE-2024-4079 Out of Bounds Read Due to Missing Bounds Check in LabVIEW

An out of bounds read due to a missing bounds check in LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions...

7.8CVSS0.00281EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/07/22 12:0 a.m.5 views

PT-2024-37397 · National Instruments · Ni Flexlogger +1

Name of the Vulnerable Software and Affected Versions: NI SystemLink Server versions 2024 Q1 and prior NI FlexLogger versions 2023 Q2 and prior Description: The issue is related to an out-of-date version of Redis shipped with the affected software, which is susceptible to multiple vulnerabilities...

7.8CVSS7.2AI score0.00275EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2024/06/04 12:0 a.m.42 views

Progress Telerik Report Server Authentication Bypass (CVE-2024-4358)

The version of Progress Telerik Report Server installed on the remote host is affected by an authentication bypass vulnerability, as follows: - In Progress Telerik Report Server, version 2024 Q1 10.0.24.305 or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server...

9.8CVSS8.7AI score0.97482EPSS
Exploits14References2
NVD
NVD
added 2024/05/29 3:16 p.m.28 views

CVE-2024-4358

In Progress Telerik Report Server, version 2024 Q1 10.0.24.305 or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability...

9.8CVSS9.8AI score0.97482EPSS
Exploits14References2
NVD
NVD
added 2024/05/15 5:15 p.m.41 views

CVE-2024-4357

An information disclosure vulnerability exists in Progress Telerik Report Server, version 2024 Q1 10.0.24.305 or earlier, allows low-privilege attacker to read systems file via XML External Entity Processing...

6.5CVSS6.1AI score0.007EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/05/15 5:4 p.m.14 views

CVE-2024-4837 Trust Boundary Violation Vulnerability

In Progress Telerik Report Server, version 2024 Q1 10.0.24.305 or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via a trust boundary violation vulnerability...

5.3CVSS7.1AI score0.00431EPSS
Exploits0References1
CVE
CVE
added 2024/05/15 4:58 p.m.34 views

CVE-2024-4357

Progress Telerik Report Server (versions 10.0.24.305 and earlier, i.e., 2024 Q1) suffers an XML External Entity Processing (XXE) information-disclosure vulnerability in the ValidateMetadaUri path. A low-privilege attacker could read system files; an authenticated context is required but may be by...

6.5CVSS6.1AI score0.007EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder